CVE-2022-22683 — CRITICAL (10.0)

Q: How severe is CVE-2022-22683?

CVE-2022-22683 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2022-22683?

Check the references section above for vendor advisories and patch information. Affected products include: Synology Media Server, Synology Diskstation Manager, Synology Router Manager.

Vulnerability Description

Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS Score

10.0

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Synology	Media Server	< 1.8.1-2876
Synology	Diskstation Manager	6.2
Synology	Router Manager	1.2

Related Weaknesses (CWE)

CWE-120

References

https://www.synology.com/security/advisory/Synology_SA_20_24Vendor Advisory
https://www.synology.com/security/advisory/Synology_SA_20_24Vendor Advisory

FAQ

What is CVE-2022-22683?

CVE-2022-22683 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in cgi component in Synology Media Server before 1.8.1-2876 allows remote attackers to execute arbitrary code via u...

How severe is CVE-2022-22683?

CVE-2022-22683 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2022-22683?

Check the references section above for vendor advisories and patch information. Affected products include: Synology Media Server, Synology Diskstation Manager, Synology Router Manager.